While security was once a specialty of interest to only a few programmers, it's now a critical topic for almost all software engineers, project managers, and decision makers. Getting security right is hard because an attacker—having virtually unlimited time—needs to find only one vulnerability in a system to succeed, whereas the defender—constrained in time—must ensure that the system has no weak points. This article provides an introduction into the special issue, which focuses on creating and maintaining secure software by the wide range of developers who constitute the software industry—many who work in domains where cost (both production and maintenance) and time-to-market are the main driving factors. This article is part of a special issue on Security for the Rest of Us.